Essentially a database

provides centralized contol

Records all password changes
Requires dedicated servers
Can be distributed across the world
Provide Resources (printers /share folder)
Services like email uses AD
Stores group policy
Everything in AD is an object

Domains

Logical group that shares the same AD database

Shares the same name space

Domian Controller
Runs AD Domain Services
Holds a copy of an AD database
Replicate changes with other DC

Windows 2008 new AD features

AD certificate services - issue certificates

AD Application Mode - allows application to access database of AD

AD Federation Service - Allows to communicate two different domains

AD Right Management - Protect documenets such as not to print ,read etc
RODC - domain controller with read only access . this is put in places where
any security issue. This can be easily removed from domain also
AD is now restartable
Granular password policy
AD snapshots - snapshots for the database